BugTraq
phpinfo() XSS Vulnerability
Mar 06 2010 11:03AM
info securitylab ir
(1 replies)
Re: phpinfo() XSS Vulnerability
Mar 08 2010 09:29PM
Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)
I tested it with PHP 5.1.6 and 5.2.6 and it does not seem to work. The
request_uri's content is encoded before being printed:
/phpinfo.php?+%3CScRipT%3Ealert(0111001101100101011000110111010101110010
011010010111010001111001);%3C/sCrIpT%3E+
--
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351
Copyright 2010, SecurityFocus